Global sportswear giant Nike (Nike) was attacked by international ransomware organization WorldLeaks in January 2026, which involved the theft of 1.4 terabytes of internal data and a total of 188,347 files, and the hackers even set up a countdown timer to threaten to disclose the entire contents, arousing the concern of the global business community and cybersecurity industry.Nike Hong Kong confirmed the incident through its public relations company yesterday, saying that it is working with international cybersecurity experts to start an investigation, but refused to respond to whether to pay the ransom and the specific scope of the leaked data. Nike Hong Kong confirmed the incident through its public relations company yesterday, saying that it was investigating the matter with international cybersecurity experts, but declined to comment on whether a ransom would be paid or the specific scope of the leaked data. The incident has also touched the nerves of local suppliers, who are worried that their business secrets have been leaked.

According to HACKREAD news, WorldLeaks had already "uploaded" Nike-related content on its leaked website as early as January 22, claiming that it had successfully infiltrated Nike's global network and stolen core business data covering the years 2020 to 2026, with a total capacity of 1.4TB involving 188,347 files, and set a countdown timer for January 24, threatening to disclose all the relevant data if Nike has threatened to disclose all the data if it refuses to pay the ransom.

After the countdown on January 24th, WorldLeaks began to publicize data samples in batches, the contents of which surprised Nike's unreleased shoe design blueprints, technical specifications of the Air Max and Jordan series of new products, global supplier lists, procurement agreements, as well as minutes of meetings of executives, financial budgets and other sensitive information. It is worth noting that the hackers deliberately avoided consumers' personal privacy data and focused on commercial secrets, which is regarded by the cybersecurity industry as "precise blackmail targeting the core competitiveness of enterprises".

Until January 26th, Nike finally issued a brief statement confirming that it was investigating a "potential network security incident", emphasizing that it "has always attached great importance to data security and customer privacy, and has immediately activated the emergency response mechanism, together with international network security experts to comprehensively assess the impact of the incident". The statement did not mention the amount of the ransom, whether the ransom has been paid, or the specific scale of the leaked data, but only said that "we will continue to follow up on the incident and update the public on the latest progress in a timely manner".

When the reporter asked Nike Hong Kong, its public relations spokesman reiterated the above position and refused to disclose further details. However, a darknet watchdog said that WorldLeaks had quietly removed all entries about Nike from its website since Jan. 27, prompting speculation that the two sides had reached an agreement, but the statement was not confirmed by Nike or WorldLeaks.

The incident has already had an initial impact on the Hong Kong market. A number of suppliers in Hong Kong who have cooperated with Nike told reporters that they have immediately checked the data exchange system of both sides, worrying that their own quotations, quality standards and other commercial secrets will be leaked, "If the supply chain data is disclosed, it is likely to affect the future cooperation negotiations with Nike, and even by the peer competitors to grasp the disadvantage".

In addition, Nike's Hong Kong-listed American Depositary Receipts (ADRs) were briefly volatile on January 26, with the share price dropping slightly by 0.3% at one point, before stabilizing gradually as market sentiment eased. Local sporting goods retailers said they are closely monitoring whether Nike's new product designs will be revealed in advance due to the data leak, so as to avoid affecting the ordering program and sales performance of their stores.

Cybersecurity experts pointed out that WorldLeaks is a "Ransom as a Service (RaaS)" organization that has been active in recent years. Unlike traditional ransom demands that encrypt the system, the organization focuses on the dual mode of "data theft + public threat", not encrypting the enterprise system to avoid triggering the emergency response mechanism, but instead exerting pressure by disclosing commercial secrets. This tactic poses a greater threat to multinational corporations, especially brands like Nike, which rely on their design and supply chain strengths, and whose loss of trade secrets would be incalculable.

As of today, Nike has yet to further explain the progress of the investigation, and the outside world is still concerned about the authenticity of the leaked data, the source of the attack, and whether Nike will eventually pay the ransom and other core issues.